net-security.org Archives - 23 February 2013, Saturday

Cisco shows the global picture of information security. Posted on 31 January 2013. Cisco released findings from two global studies that provide a vivid picture of the rising security challenges that businesses, IT departments and individuals face. 1 Aerospace and defense firms target...

active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code...

For the second week in a row since the start of the new year, users of open source web application framework Ruby on Rails are advised to upgrade to the newly offered versions immediately due to serious vulnerabilities present in previous ones. Last week it was an SQL injection vulner...

Three new versions of the popular open source web application framework Ruby on Rails were released on Wednesday to fix an SQL injection vulnerability that affected all previous versions of Rails. "Due to the way dynamic finders in Active Record extract options from meth...

Malware almost always comes in disguise, but some malware peddlers try to do a better job than others. Trend Micro researchers have recently uncovered a piece of malware that tried to pass itself off as "Trend Micro AntiVirus Plus AntiSpyware"...

Whonix is an anonymous general purpose operating system based on VirtualBox, Ubuntu GNU/Linux and Tor. By Whonix design, IP and DNS leaks are impossible. Not even malware with root rights can find out the user's real IP/location. Whonix consists of two machines, which are connected through ...

Prenus is a hacked-together Ruby script that can consume Nessus 2 files with the help of an updated ruby-nessus gem. Prenus allows output in a few different formats, including: static HTML files with jQuery Datatables and Highcharts graphs; XLS file (actually an HTML table with an .xls ex...